Re: ssh and ids

From: Christian Kreibich (christian_at_whoop.org)
Date: 06/24/04

    To: Focus IDS <focus-ids@securityfocus.com>
    Date: Thu, 24 Jun 2004 00:24:45 -0700
    
    

    Hey Marty,

    On Tue, 2004-06-22 at 14:11, Martin Roesch wrote:
    >
    > RNA doesn't just do "port profiling". The detection of a new active
    > port/service/protocol/server/etc may indicate activity that should be
    > analyzed by our policy compliance analysis stage on our management
    > console (now called the Sourcefire Defense Center).

    how do you let people express policies? Couldn't really find any info on
    that on your site (if it's in the downloadable papers -- sorry couldn't
    be bothered to fill in the form).

    > The result of this
    > analysis can then be leveraged to provide whatever kind of response the
    > user is interested in.

    again, how do you let the user express this?

    Thanks,
    Christian.

    -- 
    ________________________________________________________________________
                                              http://www.cl.cam.ac.uk/~cpk25
                                                        http://www.whoop.org